[Secure-testing-commits] r37834 - in data: . CVE
Ben Hutchings
benh at moszumanska.debian.org
Tue Nov 24 00:22:57 UTC 2015
Author: benh
Date: 2015-11-24 00:22:57 +0000 (Tue, 24 Nov 2015)
New Revision: 37834
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage new issues for squeeze
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-23 21:10:16 UTC (rev 37833)
+++ data/CVE/list 2015-11-24 00:22:57 UTC (rev 37834)
@@ -246,15 +246,18 @@
TODO: check
CVE-2015-8219 (The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ...)
- ffmpeg 7:2.8.2-1
+ [squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
- libav <undetermined>
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=43492ff3ab68a343c1264801baa1d5a02de10167
CVE-2015-8218 (The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg ...)
- ffmpeg 7:2.8.2-1
+ [squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
- libav <undetermined>
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46
CVE-2015-8217 (The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg ...)
- ffmpeg 7:2.8.2-1
- - libav <undetermined>
+ [squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
+ - libav <undetermined>
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=93f30f825c08477fe8f76be00539e96014cc83c8
CVE-2015-8216 (The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg ...)
- ffmpeg 7:2.8.2-1
@@ -535,6 +538,7 @@
CVE-2015-XXXX [Several reads out-of-bound in mplayer]
- mplayer <unfixed> (low)
[wheezy] - mplayer <no-dsa> (Minor issue)
+ [squeeze] - mplayer <no-dsa> (Minor issue)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/10/8
NOTE: Possibly doesn't affect squeeze. Valgrind doesn't report the read out-of-bounds.
CVE-2015-8102
@@ -2254,6 +2258,7 @@
CVE-2015-7496 [gdm3: crash when holding Escape in lock screen]
RESERVED
- gdm3 3.18.2-1
+ [squeeze] - gdm3 <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758032
NOTE: https://git.gnome.org/browse/gdm/commit/?id=5ac2246
NOTE: https://git.gnome.org/browse/gdm/commit/?id=05e5fc2
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-11-23 21:10:16 UTC (rev 37833)
+++ data/dla-needed.txt 2015-11-24 00:22:57 UTC (rev 37834)
@@ -16,6 +16,8 @@
--
eglibc (Raphaël Hertzog)
--
+ffmpeg
+--
imagemagick
NOTE: maintainer might take care of it, cf http://lists.debian.org/D7AE3B74-1C15-4073-9E4E-30803BE1400D@gmail.com
--
@@ -43,6 +45,8 @@
pound
NOTE: updating to the wheezy option might be less error prone
--
+putty
+--
quassel (Scott K)
--
squid (Santiago R.R.)
More information about the Secure-testing-commits
mailing list